How can I let a user access a WordPress protected page with a URL that will submit the password in the form below?
I want to be able to let a user get to a password protected WordPress page without needing to type the password, so when they go to the page, the password is submitted by a POST URL on page load.
This not intended to be secure in any respect; I’ll need to hardcode the password in the URL and the PHP. It’s just for simplicity for the user.
Edit 4/19/10: As per answers below, it’s possible to set a cookie directly to allow users to not have to enter a password. Letting search bots in is best done by detecting the user agent and redirecting, as bots aren’t going to deal with cookies.
This is the form (which is WordPress core code):
<form action="http://mydomain.com/wp-pass.php" method="post">
Password: <input name="post_password" type="password" size="20" />
<input type="submit" name="Submit" value="Submit" /></form>
This is wp-pass.php (which is WordPress core code):
<?php
require( dirname(__FILE__) . '/wp-load.php');
if ( get_magic_quotes_gpc() )
$_POST['post_password'] = stripslashes($_POST['post_password']);
setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);
wp_safe_redirect(wp_get_referer());
?>
Rather than keep appending in the previous answer, I’ll try to explain the problem a bit further here.
The way WordPress passwording works, is:
is sent to
wp-pass.php.wp-pass.phptakes the providedpassword, puts it in a cookie and
redirects the user back ot the
original page.
and if the password is correct, it
will show the page.
The problem here is that search engines don’t accept cookies. So, you have two options:
$_GETvariables.I’d love to expand on the latter answer if you want, but I do wonder; if you’re going to give search engines access to passworded content, anyone will have access. Why not just remove the password?